Added Memcachier support (#5)

Author: c4s4

README.md

@@ -8,6 +8,9 @@ This tool parses Go binary dependencies and calls [NVD database](https://nvd.nis
 2. [Usage](#usage)
 3. [Configuration](#configuration)
 4. [Cache](#cache)
+    - [Memcachier](#memcachier)
+    - [Memcached](#memcached)
+    - [Memory](#memory)
 5. [Version](#versions)
 6. [How to Fix Vulnerabilities](#how-to-fix-vulnerabilities)
 7. [Data Source](#data-source)
@@ -46,7 +49,7 @@ Exit code is *1* if exposed vulnerabilities were found, *2* if there was an erro
 
 You can pass *-verbose* option on command line to print vulnerability report, even if binary is not vulnerable and for all vulnerabilities, even if they are ignored or not exposed.
 
-You can set *-strict* flag on command line so that vulnerabilities without version are considered matching vulnerability. In this case, you should check vulnerability manually and disable it in configuration file if necessary.
+You can set *-strict* flag on command line so that vulnerabilities without version are considered matching dependency version. In this case, you should check vulnerability manually and disable it in configuration file if necessary.
 
 You can pass configuration file with *-config config.yml*, see configuration section below.
 
@@ -63,6 +66,11 @@ Configuration file is in YAML format as follows:
 ```yaml
 api-key: "28c6112c-a7bc-4a4e-9b14-75be6da02211"
 strict: false
+memcachier:
+  address:    mcx.cy.eu-central-1.ec2.memcachier.com:11211
+  expiration: 86400
+  username:   foo
+  password:   bar
 memcached:
   address:    127.0.0.1:11211
   expiration: 86400
@@ -74,6 +82,7 @@ Configuration fields are the following:
 
 - **api-key**: this is your NVD API key
 - **strict**: tells if we should consider vulnerability matches without version as matching dependency
+- **memcachier** is the configuration for *memcachier*, with **address**, **expiration** (time in seconds), **username** and **password**
 - **memcached** is the configuration for *memcached*, with **address** and **expiration** time in seconds
 - **ignore**: a list of CVE vulnerabilities to ignore
 
@@ -83,9 +92,53 @@ Note that without API key, you will be limited to *10* requests in a rolling *60
 
 ## Cache
 
-If you define the *memcached* configuration in your configuration file, *memcached* will be used to cache calls to NVD database. This is useful because if you perform more call that allowed, your calls will significantly slow down. An sample [docker-compose.yml](https://github.com/intercloud/gobinsec/blob/main/docker-compose.yml) to start a *memcached* instance is proposed in this project.
+A cache is useful because if you perform more call to NVD database that allowed, your calls will significantly slow down. Gobinsec tries to build caches in this order:
+
+### Memcachier
+
+A cache is built with *Memcachier* if following section is found in configuration file:
+
+```yaml
+memcachier:
+  address:    ...
+  expiration: ...
+  username:   ...
+  password:   ...
+```
+
+Else, il will look for following environment variables:
+
+```
+MEMCACHIER_ADDRESS
+MEMCACHIER_EXPIRATION
+MEMCACHIER_USERNAME
+MEMCACHIER_PASSWORD
+```
+
+[Memcachier](https://www.memcachier.com) is an online cache provider with free tiers.
+
+### Memcached
+
+If no configuration is found for *Memcachier*, it will try to build a cache for *Memcached*, if following section is found in configuration file:
+
+```yaml
+memcached:
+  address:    ...
+  expiration: ...
+```
+
+Else it will look for following environment variables:
+
+```
+MEMCACHED_ADDRESS
+MEMCACHED_EXPIRATION
+```
+
+A sample [docker-compose.yml](https://github.com/intercloud/gobinsec/blob/main/docker-compose.yml) file to start a *memcached* instance is provided in this project.
+
+### Memory
 
-If you don't define the *memcached* configuration, the program will use a memory cache when you pass more than one binary to analyse on command line.
+If no configuration is found for *Memcachier* and *Memcached*, it will instantiate a memory cache. This cache will be useful if you pass more than one binary on command line.
 
 ## Versions
 

go.mod

@@ -3,12 +3,13 @@ module github.com/intercloud/gobinsec
 go 1.17
 
 require (
+	github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d
 	github.com/fatih/color v1.13.0
+	github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
 
 require (
-	github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d // indirect
 	github.com/mattn/go-colorable v0.1.9 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect

go.sum

@@ -7,6 +7,8 @@ github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653 h1:222emoxOt/bCmNHp8Xt0Pr5Am3gIbqRKFpb4CQ9O2SI=
+github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653/go.mod h1:KoYVbOQexD45AOLfn+gsFB6c3o4ANzP1QKzjE6tZbK0=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=

gobinsec/cache-memcached.go

@@ -1,6 +1,39 @@
 package gobinsec
 
-import "github.com/bradfitz/gomemcache/memcache"
+import (
+	"os"
+	"strconv"
+
+	"github.com/bradfitz/gomemcache/memcache"
+)
+
+// MemcachedConfig is the configuration for memcached
+type MemcachedConfig struct {
+	Address    string `yaml:"address"`
+	Expiration int32  `yaml:"expiration"`
+}
+
+// NewMemcachedConfig returns configuration
+func NewMemcachedConfig(config *MemcachedConfig) *MemcachedConfig {
+	var address string
+	var expiration int32
+	if config != nil {
+		return config
+	} else if os.Getenv("MEMCACHED_ADDRESS") != "" {
+		address = os.Getenv("MEMCACHED_ADDRESS")
+		exp, err := strconv.Atoi(os.Getenv("MEMCACHED_EXPIRATION"))
+		if err != nil {
+			return nil
+		}
+		expiration = int32(exp)
+		return &MemcachedConfig{
+			Address:    address,
+			Expiration: expiration,
+		}
+	} else {
+		return nil
+	}
+}
 
 // MemcachedClient is the Cache using memcached
 type MemcachedClient struct {
@@ -9,10 +42,10 @@ type MemcachedClient struct {
 }
 
 // NewMemcachedCache builds a memcached cache
-func NewMemcachedCache() Cache {
+func NewMemcachedCache(config *MemcachedConfig) Cache {
 	cache := MemcachedClient{
-		Client:     memcache.New(config.Memcached.Address),
-		Expiration: config.Memcached.Expiration,
+		Client:     memcache.New(config.Address),
+		Expiration: config.Expiration,
 	}
 	return &cache
 }

gobinsec/cache-memcachier.go

@@ -0,0 +1,88 @@
+package gobinsec
+
+import (
+	"os"
+	"strconv"
+
+	"github.com/memcachier/gomemcache/memcache"
+)
+
+// MemcachierConfig is the configuration for Memcachier
+type MemcachierConfig struct {
+	Address    string `yaml:"address"`
+	Expiration int32  `yaml:"expiration"`
+	Username   string `yaml:"username"`
+	Password   string `yaml:"password"`
+}
+
+// MemcachierClient is the Cache using Memcachier
+type MemcachierClient struct {
+	Client     *memcache.Client
+	Expiration int32
+}
+
+// NewMemcachierConfig returns configuration
+func NewMemcachierConfig(config *MemcachierConfig) *MemcachierConfig {
+	var username, password, address string
+	var expiration int32
+	if config != nil {
+		return config
+	} else if os.Getenv("MEMCACHIER_ADDRESS") != "" {
+		username = os.Getenv("MEMCACHIER_USERNAME")
+		password = os.Getenv("MEMCACHIER_PASSWORD")
+		address = os.Getenv("MEMCACHIER_ADDRESS")
+		exp, err := strconv.Atoi(os.Getenv("MEMCACHIER_EXPIRATION"))
+		if err != nil {
+			return nil
+		}
+		expiration = int32(exp)
+		return &MemcachierConfig{
+			Address:    address,
+			Expiration: expiration,
+			Username:   username,
+			Password:   password,
+		}
+	} else {
+		return nil
+	}
+}
+
+// NewMemcachierCache builds a Memcachier cache
+func NewMemcachierCache(config *MemcachierConfig) Cache {
+	client := memcache.New(config.Address)
+	client.SetAuth(config.Username, []byte(config.Password))
+	cache := MemcachierClient{
+		Client:     client,
+		Expiration: config.Expiration,
+	}
+	return &cache
+}
+
+// Get returns NVD response for given dependency
+func (mc *MemcachierClient) Get(d *Dependency) []byte {
+	item, err := mc.Client.Get(d.Key())
+	if err != nil {
+		return nil
+	}
+	return item.Value
+}
+
+// Set put NVD response for given dependency in cache
+func (mc *MemcachierClient) Set(d *Dependency, v []byte) {
+	item := memcache.Item{
+		Key:        d.Key(),
+		Value:      v,
+		Expiration: mc.Expiration,
+	}
+	mc.Client.Set(&item) // nolint:errcheck // we ignore error
+}
+
+// Ping calls Memcachier
+func (mc *MemcachierClient) Ping() error {
+	item := memcache.Item{
+		Key:        "test",
+		Value:      []byte("test"),
+		Expiration: mc.Expiration,
+	}
+	return mc.Client.Set(&item)
+}

gobinsec/cache.go

@@ -9,10 +9,12 @@ type Cache interface {
 }
 
 func BuildCache() error {
-	if config.Memcached == nil {
-		cache = NewMemoryCache()
+	if conf := NewMemcachierConfig(config.Memcachier); conf != nil {
+		cache = NewMemcachierCache(conf)
+	} else if conf := NewMemcachedConfig(config.Memcached); conf != nil {
+		cache = NewMemcachedCache(conf)
 	} else {
-		cache = NewMemcachedCache()
+		cache = NewMemoryCache()
 	}
 	return cache.Ping()
 }

gobinsec/config.go

@@ -8,15 +8,11 @@ import (
 )
 
 type Config struct {
-	APIKey    string           `yaml:"api-key"`
-	Memcached *MemcachedConfig `yaml:"memcached"`
-	Ignore    []string         `yaml:"ignore"`
-	Strict    bool             `yaml:"strict"`
-}
-
-type MemcachedConfig struct {
-	Address    string `yaml:"address"`
-	Expiration int32  `yaml:"expiration"`
+	APIKey     string            `yaml:"api-key"`
+	Memcached  *MemcachedConfig  `yaml:"memcached"`
+	Memcachier *MemcachierConfig `yaml:"memcachier"`
+	Ignore     []string          `yaml:"ignore"`
+	Strict     bool              `yaml:"strict"`
 }
 
 var config Config

test/config-memcached.yml

@@ -2,7 +2,5 @@ api-key:   "${NVD_API_KEY}"
 memcached:
   address:    127.0.0.1:11211
   expiration: 86400
-  username:
-  password:   
 ignore:
 - "CVE-2020-14040"

test/config-memcachier.yml

@@ -0,0 +1,8 @@
+api-key:   "${NVD_API_KEY}"
+memcachier:
+  address:    mcx.cy.eu-central-1.ec2.memcachier.com:11211
+  expiration: 86400
+  username:   foo
+  password:   bar
+ignore:
+- "CVE-2020-14040"